Skip to content Skip to footer
Menu Close
Close
Online appointment
Online appointment

Personal Information Protection and Privacy Policy

1. Introduction

This Personal Information Protection Policy (hereinafter referred to as the “Policy”) aims to define the principles and practices of Groupe Serenis Inc. (hereinafter referred to as “Serenis”) regarding the collection, processing, retention, destruction, and protection of Personal Information in accordance with the Act respecting the protection of personal information in the private sector (Chapter P-39.1) (hereinafter referred to as the “Act”). It also outlines, among other things, the roles and responsibilities of Serenis staff members and the process for handling complaints related to the protection of Personal Information.

2. Definitions

“Collection” means the act of gathering, acquiring, or obtaining Personal Information by any means or method, including from Third Parties;

“Consent” means a voluntary agreement to the Collection, Use, and/or Disclosure of Personal Information for purposes determined with the User by Serenis. Consent may be explicit or, under certain conditions provided by the Act, implicit when a file is created. Personal Information must be collected directly from the User or a Third Party; in the latter case, Serenis must obtain written authorization from the User. When Consent is explicit, it must be unambiguous.

“Disclosure” means the act of revealing Personal Information to a person without authorization under the Act or from the User;

“Personal Information” means any information about an individual that allows, directly or indirectly, their identification;

“Person Responsible for the Protection of Personal Information” means the person with the highest authority at Serenis or the person designated in writing to occupy this role, responsible for the protection of Personal Information, including compliance with this Policy within Serenis;

“Third Party” means any person other than the User, Serenis, or its agent;

“User” means any client, employee, or individual who accesses any service offered by Serenis;

“Use” means the processing, handling, and management of Personal Information by Serenis.

3. Responsibilities

When Serenis creates a file on a User, it must inform the User, at the time of Collection and subsequently upon request, of the purpose of the file, the Use that will be made of the Personal Information, the categories of persons who will have access to it within Serenis, where the file will be stored, and the User’s rights to access or correct their Personal Information.

Serenis is responsible for ensuring the security of the Personal Information it holds and must designate the Person Responsible for the Protection of Personal Information, who will ensure compliance with this Policy.

The Person Responsible for the Protection of Personal Information is responsible for the implementation of this Policy. Other Serenis employees may also be designated to assist the Person Responsible for the Protection of Personal Information or to handle the daily activities of Collection, Use, Disclosure, and processing of Personal Information. Serenis will display on its website the title and contact information of the Person Responsible for the Protection of Personal Information, as indicated in section 14 of this Policy.

No Personal Information may be disclosed to a Third Party, except in cases provided by the Act or with the User’s clear, free, and informed authorization, and only for the specified purposes.

4. Scope

This Policy applies to all Personal Information collected, processed, and retained by Serenis in the course of its activities in Quebec, in accordance with the Act.

5. Collection and Use of Personal Information

Serenis will only collect Personal Information necessary for specific and legitimate purposes and will inform Users of the reasons their Personal Information is being collected. The Personal Information collected will only be used for these specific purposes, unless expressly authorized by the User or as permitted by law.

Serenis will take reasonable steps to ensure that the User is informed of the purposes and means for which the Personal Information will be used when their Consent is given.

6. Consent

Serenis will obtain the explicit, free, and informed Consent of Users before collecting, processing, or using their Personal Information. Users have the right to withdraw their Consent at any time.

Users may contact the Person Responsible for the Protection of Personal Information at the contact details below to withdraw their Consent regarding the disclosure and/or Use of their Personal Information held by Serenis. It should be noted that such a withdrawal may result in the Services of Serenis being unavailable to them if the Personal Information is essential to providing the services or fulfilling agreements with them, particularly for employees.

When Personal Information concerns a minor under the age of 14, Consent must be given by the person with parental authority or by the guardian, except when the Collection, Use, or disclosure of Personal Information is clearly for the benefit of the minor. When Personal Information concerns a minor aged 14 and over, Consent is generally obtained directly from the minor, subject to the cases provided by law.

7. Processing of Personal Information

Personal Information will be processed in a lawful, fair, and transparent manner. Serenis will implement appropriate security measures to protect Personal Information against unauthorized access, loss, Disclosure, or alteration.

Serenis will adopt appropriate practices for the Collection, retention, and processing of Personal Information, as well as security measures to ensure protection against unauthorized access to Personal Information and against its modification, Disclosure, or destruction.

8. Retention of Personal Information

Personal Information will only be retained for the reasonable period necessary to achieve the purposes for which it was collected, unless otherwise required by law.

When Serenis has completed its mandate, fulfilled the contract, or the purposes for which it collected Personal Information have been achieved, Serenis may either destroy the Personal Information or anonymize it. However, anonymization may only be carried out for the purpose of using only the anonymized Information for serious and legitimate purposes by Serenis.

9. User Rights

In accordance with the Act, Users have the right to access their Personal Information, correct it, delete it, limit its Use, and object to its disclosure. Requests regarding these rights will be handled diligently and within the timeframes provided by the Act. Serenis must respond within 30 days to any request for access to or correction of Personal Information.

Serenis will ensure that the Personal Information it holds is accurate and up to date when making decisions related to a request.

Serenis will update Personal Information as necessary to make a decision, fulfill the intended purposes, or correct, following a request, any inaccurate Personal Information.

Users may also request that the computerized Personal Information they have provided to Serenis be communicated to them in a structured, commonly used technological format or transferred to another organization, where permitted by the Act.

A User may, by contacting in writing the Person Responsible for the Protection of Personal Information at the contact details below, obtain a copy of the Personal Information Serenis holds about them.

A User may, by contacting in writing the Person Responsible for the Protection of Personal Information at the contact details below, be informed about the use made of their Personal Information.

When Personal Information is disclosed by Serenis, the User may, in cases provided by the Act, request the cessation of its disclosure or the removal of any hyperlink associated with their name.

Serenis currently does not make any decisions producing legal effects on a User, or otherwise significantly affecting them, based solely on automated processing of Personal Information. Should Serenis implement such automated decision-making processes in the future, the User will be informed in advance in accordance with the Act and provided with appropriate mechanisms to submit comments and exercise their rights.

Serenis will not charge any fees for access to the Personal Information file it holds about a User. However, certain fees may apply for reproduction, transmission, or transcription of information.

Serenis may refuse to disclose Personal Information if such disclosure may cause harm to Serenis, a Third Party, or if it would contravene the law. In such cases, Serenis will provide a justification for the refusal.

10. Sharing of Personal Information

Serenis will only share Personal Information with Third Parties to the extent necessary to achieve the specific purposes for which it was collected. Relevant contracts and agreements will be put in place to ensure that Third Parties handle Personal Information in accordance with the Act.

Regarding service providers, Serenis ensures that the processing of Personal Information by a service provider is subject to a written contract guaranteeing the confidentiality of the Personal Information disclosed, so that such Information is used solely for the execution of the contract.

Serenis also conducts privacy impact assessments in other situations provided by the Act, notably during projects involving the acquisition, development, or redesign of information systems that involve Personal Information.

11. International Transfer of Personal Information

International transfers of Personal Information will be carried out in accordance with applicable legal provisions and with appropriate safeguards in place.

When disclosing Personal Information outside of Quebec or entrusting it to a Third Party located outside of Quebec, Serenis commits to collecting, using, disclosing, or retaining Personal Information on its behalf and conducting a Privacy Impact Assessment (PIA).

Where applicable, the following factors are considered: the sensitivity of the Information, the purpose of its Use, the protection measures, including contractual measures, that will apply, and the legal framework in the receiving state, including the principles of Personal Information protection applicable there. Where necessary, a PIA will be conducted for processing activities involving the transfer of Personal Information outside of Quebec.

12. Person Responsible for the Protection of Personal Information

Ms. Jessica Deslauriers-Carosello, Director of Operations, is designated as the Person Responsible for the Protection of Personal Information and is responsible for implementing this Policy.

The Person Responsible for the Protection of Personal Information shall, in particular:

  • Establish and implement policies and practices governing the protection of Personal Information within Serenis;
  • Ensure that the Collection, retention, Use, storage, destruction, anonymization, and disclosure of Personal Information to Third Parties comply with the Act;
  • Provide the applicable framework for the retention and destruction of
  • Personal Information;
  • Take the necessary measures to secure computer systems;
  • Take the necessary measures to prevent confidentiality incidents and, where applicable, prevent their recurrence;
  • Notify the Commission d’accès à l’information and the concerned individuals of a confidentiality incident presenting a risk of serious harm;
  • Maintain a register of confidentiality incidents;
  • Define the roles and responsibilities of company personnel throughout the lifecycle of Personal Information;
  • Conduct a Privacy Impact Assessment when required by the Act;
  • Handle complaints related to the protection of Personal Information;
  • Provide training on the protection of Personal Information.

13. Training and Awareness

Serenis will ensure that its staff is trained and made aware of the importance of maintaining a high level of protection for Personal Information in accordance with the Act.

Serenis will also ensure that more specific training is provided to employees who play a key role in implementing the company’s Personal Information Protection Policy. Annual training sessions on best practices in cybersecurity and Personal Information protection will be provided for all staff members.

14. Complaint

Any person may file a complaint by contacting the Person Responsible for the Protection of Personal Information. Serenis has a process in place for handling complaints related to the processing of Personal Information.

15. Changes to the Policy

Serenis reserves the right to modify this Policy in response to legal and operational developments. Any changes will be communicated to the relevant Users.

All Users are encouraged to review this page to stay informed of updates and how Serenis contributes to the protection of the Personal Information it collects.

16. Contact

For any questions regarding this Policy, to exercise your rights under the Act, or to file a complaint, Users are invited to contact the Person Responsible for the Protection of Personal Information at the email address renseignements@serenis.ca.

This Policy was last updated on November 26, 2025.

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.